Company News

TUNE Successfully Completes SOC 2 Type II Examination of Security Controls

Ben Golden

TUNE also completes a clean SOC 1 Type II Audit, continuing to lead the industry in its commitment to trustworthiness and stability

For the third year in a row, TUNE has completed a successful SOC 2 Type II audit of its system and organization controls relevant to security.  TUNE also underwent a SOC 1 Type II audit to evaluate the suitability of its financial reporting system design and operating effectiveness. TUNE is proud to announce that it received a clean bill of health, as zero exceptions were noted in either report. 

SOC compliance is a component of the American Institute of CPAs’ (AICPA) Service Organization Control reporting platform, intended to assure the security, availability, processing integrity, confidentiality, and privacy of customer data.  SOC 2 audits are both technical and pragmatic, as they require that a company document and follow comprehensive information security policies and procedures.  SOC 1 audits test a user entities’ relevant internal controls specifically as they relate to financial reporting, indicating that TUNE clients can expect quality control from TUNE reporting. 

In pursuing more stringent and comprehensive Type II certifications (rather than a Type I), TUNE chose to test its policies and procedures over a lengthy time period rather than a single moment in time.  The audit period for TUNE’s report extended from August 19, 2019 through November 30, 2019. The reports were issued on January 27, 2020.

TUNE engaged an independent third-party auditor to review security and reporting controls.  Starting in 2017, TUNE has voluntarily undergone this invasive and time-consuming audit each year to test the sufficiency of its procedures and execution on a variety of systems. 

TUNE pursues these voluntary examinations to both improve its practices and demonstrate its commitment to provide trustworthy and transparent solutions, giving clients, vendors, and employees peace of mind that they can do business with TUNE worry-free.  TUNE views the feedback loop generated from periodic third-party reviews — including active dialogue with auditors — as the best means to improve forward-looking operations.  

TUNE has also invested in a robust privacy program.  TUNE made backend upgrades in advance of the General Data Protection Regulation (GDPR) enforcement launch on May 25, 2018, which enabled us to be prepared for the new California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020.  To evidence TUNE’s GDPR compliance, we voluntarily submitted to a legal and technical audit by ePrivacy.  While GDPR’s substantive and technical regulatory obligations translated well to CCPA, TUNE recently made modest updates to more explicitly reference CCPA in relevant external documentation.

Learn More

TUNE previously completed SOC 2 Type II audits covering periods of time in 2017 and 2018, and intends to sustain its investments in a customer-centric security program.  

Relevant portions of both the SOC 2 Type II and SOC 1 Type II reports are available upon request to [email protected] for TUNE clients as well as prospects under a non-disclosure commitment.  To learn more about how TUNE approaches data security and privacy, click here

Never miss a thing!

Want the goods delivered straight to your inbox?
Sign up for our blog recap emails to stay in-the-know about digital marketing, analytics, and optimization.

Author
Ben Golden

As General Counsel, Ben Golden helps TUNE solve problems, manage risk, and lay the foundation for continued growth. Prior to joining TUNE, Ben was an attorney at Perkins Coie, served on the University of Washington's Board of Regents, managed a state legislative campaign, researched in Ghana on behalf of a start-up social enterprise, split an apple strudel with Kofi Annan while working at a think tank in Salzburg, and lectured on Pink Floyd lyrics as an English teacher in Taiwan. As a Double Dawg and proud Seattleite, Ben is thrilled with TUNE's industry leadership and community engagement.